New Feature: Amazon S3 now supports Object Versioning

Versioning provides an additional layer of protection for your S3 objects. You can easily recover from unintended user errors or application failures. You can also use Versioning for data retention and archiving. Once you have enabled Versioning for a particular S3 bucket, any operation that would have overwritten an S3 object (PUT, POST, COPY, and DELETE) retains the old version of the object. Here’s a simple diagram of Versioning in action:

Each version of the object is assigned a version id. For example, each version of Robot.png has its own version id:

The actual version ids are long strings; I’ve used v1, v2, and v3 to simplify the picture. You can retrieve the most recent version of an object by making a default GET request or you can retrieve any version (current or former) by making a version-aware request and including a version id. In effect, the complete key for an S3 object in a versioned bucket now consists of the bucket name, the object name, and the version id.

S3’s DELETE operation works in a new way when applied to a versioned object. Once an object has been deleted, subsequent default requests will no longer retrieve it. However, the previous version of the object will be preserved and can be retrieved by using the version id. Only the owner of an S3 bucket can permanently delete a version.

Normal S3 pricing applies to each version of an object. You can store any number of versions of the same object, so you may want to implement some expiration and deletion logic if you plan to make use of this feature.

Enabling Versioning’s MFA Delete setting on your bucket provides even more protection. Once enabled, you will need to supply two forms of authentication in order to permanently delete a version from your bucket: your AWS account credentials and the six-digit code and serial number from an MFA (Multi-Factor Authentication) device in your possession.
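The DELETE and MFA Delete behaviour described above can be traced with a small in-memory model. This is an added example, not AWS code and not part of the original post; it does not call S3, and the class name, the `mfa_check` callback, the short `v1`-style ids, and the use of a `None` body to stand for a deleted object are all assumptions made for illustration.

```python
import itertools

class VersionedBucket:
    """Toy in-memory model of a versioning-enabled bucket (hypothetical, not the S3 API)."""

    def __init__(self, owner, mfa_delete=False, mfa_check=None):
        self.owner = owner
        self.mfa_delete = mfa_delete
        # mfa_check(serial, code) -> bool stands in for real MFA validation.
        self.mfa_check = mfa_check or (lambda serial, code: False)
        self._versions = {}            # key -> [(version_id, body)], oldest first
        self._ids = itertools.count(1)

    def _append(self, key, body):
        vid = f"v{next(self._ids)}"    # real version ids are long strings
        self._versions.setdefault(key, []).append((vid, body))
        return vid

    def put(self, key, body):
        # An overwrite adds a new version; every earlier version is retained.
        return self._append(key, body)

    def get(self, key, version_id=None):
        versions = self._versions.get(key, [])
        if version_id is None:
            # Default GET: only the most recent version is visible.
            if not versions or versions[-1][1] is None:
                raise KeyError(key)
            return versions[-1][1]
        # Version-aware GET: any stored version, current or former.
        for vid, body in versions:
            if vid == version_id and body is not None:
                return body
        raise KeyError((key, version_id))

    def delete(self, key, version_id=None, requester=None, mfa=None):
        if version_id is None:
            # Default DELETE: hide the object (body None); old versions stay.
            return self._append(key, None)
        # Permanent delete of one version: owner only, plus MFA when enabled.
        if requester != self.owner:
            raise PermissionError("only the bucket owner can permanently delete a version")
        if self.mfa_delete and not (mfa and self.mfa_check(*mfa)):
            raise PermissionError("MFA Delete: device serial number and code required")
        kept = [v for v in self._versions.get(key, []) if v[0] != version_id]
        self._versions[key] = kept
        return version_id
```

With `mfa_delete=True`, stolen account credentials alone are not enough to remove a stored version in this model, which is the property that makes the setting useful against destructive account compromise.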